Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Windows DHCP tampering vulnerability: are patch windows still enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A Critical Windows DHCP tampering flaw, CVE-2026-45602, carries a 9.1 CVSS score and a 48 percent EPSS exploitation probability, according to Senserva, making pre-KEV patching the practical priority for exposed Windows Server and Windows 10 1809 estates. The issue underscores how network control-plane weaknesses can turn routine patching into identity and routing governance work, not just vulnerability hygiene.

NHIMG editorial — based on content published by Senserva: Microsoft's June 2026 Patch Tuesday analysis of CVE-2026-45602

By the numbers:

Questions worth separating out

Q: What breaks when a Windows DHCP tampering flaw is left unpatched?

A: An attacker who can tamper with DHCP responses can influence how clients receive network configuration, which can redirect traffic, distort DNS resolution, or disrupt service reachability.

Q: Why do high EPSS scores matter for vulnerability prioritisation?

A: EPSS adds a likelihood lens that CVSS does not provide.

Q: How do security teams know whether patching is keeping up with real risk?

A: Patching is keeping up only when the most recently exploited vulnerabilities are being closed quickly and the backlog of exposed assets is shrinking.

Practitioner guidance

  • Prioritise high-EPSS critical patches first Move CVE-2026-45602 into the front of the patch queue for any Windows Server 2019 or Windows 10 Version 1809 systems, especially hosts that provide or depend on DHCP.
  • Verify DHCP server coverage after deployment Confirm that the June 2026 cumulative update landed on every exposed build through Windows Update, WSUS, Intune, or the Microsoft Update Catalog.
  • Audit network trust dependencies around DHCP Map which segments, servers, and identity-critical services rely on DHCP integrity for routing or name resolution.

What's in the full analysis

Senserva's full analysis covers the operational detail this post intentionally leaves for the source:

  • Exact KB mappings for each affected Windows build and delivery path
  • Live exploitation-status tracking across Microsoft, CISA, and FIRST.org data feeds
  • Patch prioritisation workflow using CVSS, EPSS, and KEV together
  • The accompanying vulnerability management tracker and related update pages

👉 Read Senserva's analysis of CVE-2026-45602 and June Patch Tuesday →

Windows DHCP tampering vulnerability: are patch windows still enough?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

DHCP tampering is a trust boundary problem, not just a vulnerability item. When a core network service can be influenced, the attacker does not need to own every endpoint to shape enterprise behaviour. That makes the weakness relevant to identity and access programmes because network trust often underpins where authentication, policy enforcement, and service reachability succeed or fail. Practitioners should treat this as control-plane governance, not isolated server patching.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.

A question worth separating out:

Q: Who is accountable when critical patches miss their service level agreement?

A: Accountability should be shared across security, operations, and application owners, but it must be explicit in policy. If SLAs are missed repeatedly, the issue is no longer just a technical backlog. It becomes a governance failure that requires escalation, exception approval, and executive visibility until the exposure is closed.

👉 Read our full editorial: Windows DHCP tampering risk shows why patch timing matters



   
ReplyQuote
Share: